git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files
GitAlerts
GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed user (EMU) model.
Any public repository under the organization’s user account that was created accidentally or for testing purposes could leak secrets, internal information, code, etc. GitAlerts helps you detect and monitor such cases.
Usage
Scan GitHub repositories belonging to your organization’s users
git-alerts scan –org your-org-name
Monitor new public repositories being created by your organization’s users
git-alerts monitor –org your-org-name
Monitor new public repositories being created by your organization users with Slack notification
git-alerts monitor –org your-org-name –slack-alert
Setup slack webhook token as the environment variable
export SLACK_HOOK=SLACK_WEBHOOK_URL
Scan and generate reports with custom path
git-alerts scan –org your-org-name –report-path /your/file/path/
Scan with secrets detection using Trufflehog
Ensure trufflehog is installed in your machine
git-alerts detect –org your-org-name
Download
Copyright (C) 2024 c0d3G33k
